The SUPERFORTUNE project team reported a security incident in which a hacker stole 14.98 million GUA tokens (approximately $15 million at the time of the transaction).
We are investigating a security incident that occurred for the token, $GUA, through a suspected address poisoning attack on May 27, 2026, which has caused significant volatility on the token.
Initial findings indicate an address manipulation through a multisig transaction…
— SUPERFORTUNE AI (@SUPERFORTUNE888) May 28, 2026
According to the report, the incident occurred on May 27. The project team explained that the issue stemmed from address manipulation in a multisig transaction. Developers intended to send tokens to a contract for airdrop payments, but the funds were redirected to the hacker's wallet, which matched the original wallet's first and last four characters.
Analysts at EmberCN confirmed that the stolen assets were quickly liquidated. The mass sale of tokens caused GUA's price to plummet by over 75%.
— 余烬 (@EmberCN) May 28, 2026
The hacker is believed to have converted the assets into 2,784 ETH (approximately $5.66 million) and distributed the funds across three new addresses.
Initially, it was thought that the project had fallen victim to "address poisoning." However, during the subsequent investigation, the SUPERFORTUNE team deemed this scenario unlikely.
“The hacker's address had not previously interacted with the project's infrastructure. Additionally, our internal procedures include multiple verification steps for credentials before signing multisig transactions,” project representatives stated.
The SUPERFORTUNE team has involved law enforcement and cybersecurity experts to analyze the causes of the incident and track the movement of the stolen funds.
It is worth noting that on May 22, Polymarket confirmed a compromise of its private key, resulting in a loss of approximately $700,000.